Given the C program ret2libc :

int vuln(char* input) { char buff[100]; strcpy(buff, input); return 0; } int main(int argc, char *argv[]) { if(argc < 2) { printf("Syntax: %s ", argv[0]); exit (0);

} vuln(argv[1]); return 0;

}

We want to exploit the program ret2libc that is vulnerable to a stack-based buffer overflow. For each of the two tasks, write and submit a commented script that writes your exploit to stdout, such that the output can be used as the argument for the target program. i) Spawn a shell via a return-to-libc attack: Exploit the vulnerability in the binary to call the function system() in libc with parameter /bin/sh. ii) With system() we can not only execute /bin/sh but arbitrary commands. To demonstrate this, write an exploit that creates the file owned in the folder s3cr3t. To do so, run the command touch s3cr3t/owned. Remember that you can inject strings into the process by setting environment variables prior to the execution. Ensure that your exploit terminates without causing a segmentation fault by calling exit() after system(). suppose the address of : function system() : 0xf7e18360 function exit(): 0xf7e0aec0 /bin/sh : 0xf7f62363 Please write a well commented script that is tested very well .